test

System Administration Guide

Chapter 59 Scheduling System Events (Tasks)

This chapter describes how to schedule routine or one-time system events by using the crontab and at commands. It also explains how to control access to these commands by using cron.deny, cron.allow, and at.deny files.

This is a list of the step-by-step instructions in this chapter.

Commands for Scheduling System Events

You can schedule system events to execute repetitively, at regular intervals, by using the crontab command.You can schedule a single system event for execution at a specified time by using the at command. Table 59-1 summarizes crontab and at, as well as the files that enable you to control access to these commands.

Table 59-1 Command Summary: Scheduling System Events

Command 

What It Schedules 

Location of Files 

Files That Control Access 

crontab

Multiple system events at regular intervals 

/usr/spool/cron/crontabs

or /var/spool/cron/crontabs

/etc/cron.d/cron.allow and /etc/cron.d/cron.deny

at

A single system event  

/usr/spool/cron/atjobs

or /var/spool/cron/atjobs

/etc/cron.d/at.deny

Scheduling a Repetitive System Event (cron)

The following sections describe how to create, edit, display, and remove crontab files, as well as how to control access to them.

Inside a crontab File

The cron daemon schedules system events according to commands found within each crontab file. A crontab file consists of commands, one per line, that will be executed at regular intervals. The beginning of each line contains date and time information that tells the cron daemon when to execute the command.

For example, a crontab file named root is supplied during SunOS software installation. Its contents include these command lines: 


0 20 * * 0,4 /etc/cron.d/logchecker
 5  4 * * 0   /usr/lib/newsyslog
15  3 * * *   /usr/lib/fs/nfs/nfsfind
 1  2 * * *  [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1

The first command line instructs the system to run logchecker at 10 on Sundays and Thursdays nights. The second command line schedules the system to run newsyslog at 4:05 every Sunday morning. The third command line orders the system to execute nfsfind daily at 3:15 in the morning The fourth command line instructs the system to check for daylight savings time and makes corrections if necessary. If there is no RTC time zone nor an /etc/rtc_config file, this entry will do nothing.

For more information about the syntax of lines within a crontab file, see "Syntax of crontab File Entries".

The crontab files are stored in /usr/spool/cron/crontabs (or /var/spool/cron/crontabs). Several crontab files besides root are provided during SunOS software installation (see Table 59-2).

Table 59-2 Default crontab Files

crontab File

Function 

adm

Accounting 

lp

Printing 

root

General system functions and 

file system cleanup 

sys

Performance collection 

Other crontab files are named after the user accounts in which they are created, such as bob, mary, smith, or jones.

Besides the default crontab file, users can create crontab files to schedule their own system events. To access crontab files belonging to root or other users, superuser privileges are required.

Procedures explaining how to create, edit, display, and remove crontab files are described in "Commands for Scheduling System Events".

How the cron Daemon Handles Scheduling

The cron daemon handles the automatic scheduling of crontab commands. Its function is to check the /usr/spool/cron/crontab directory (or the /var/spool/cron/crontab directory, depending on your system configuration) for the presence of crontab files, normally every 15 minutes. It checks for new crontab files or changes to existing ones, reads the execution times listed within the files, and submits the commands for execution at the proper times.

In much the same way, the cron daemon controls the scheduling of at files, which are stored in the /usr/spool/cron/atjobs directory.

Syntax of crontab File Entries

A crontab file consists of commands, one per line, that execute automatically at the time specified by the first five fields at the beginning of each command line. These first five fields, described in Table 59-3, are separated by spaces. They indicate when the command will be executed.

Table 59-3 Values for crontab Time Fields

Time Field 

Values 

Minute  

0-59 

Hour 

0-23 

Day of month 

1-31 

Month 

1-12 

Day of week 

0-6 (0=Sunday) 

Follow these guidelines to use special characters in crontab time fields:

For example, the following sample crontab command entry displays a reminder in the user's console window at 4 p.m. on the first and fifteenth of every month. 


0 16 1,15 * * echo Timesheets Due > /dev/console

Each command within a crontab file must consist of one line, even if it is very long, because crontab does not recognize extra carriage returns. For more detailed information about crontab entries and command options, refer to crontab(1).

Creating and Editing crontab Files

The simplest way to create a crontab file is to use the crontab -e command to invoke the text editor set up for your system environment, defined by the EDITOR environment variable. If this variable has not been set, crontab uses the default editor ed. Define your EDITOR environment to be an editor you are familiar with. The following example shows how to check to see whether an editor has been defined, and how to set up vi as the default. 


$ which $EDITOR
$ 
$ EDITOR=vi
$ export EDITOR

When you create a crontab file, it is automatically placed in the /usr/spool/cron/crontabs directory and is given your user name. You can create or edit a crontab file for another user, or root, if you have superuser privileges.

Enter crontab command entries as described in "Syntax of crontab File Entries" on "Syntax of crontab File Entries".

How to Create or Edit a crontab File

  1. Be sure that you have access to the editor of your choice.

  2. (Optional) To create or edit a crontab file belonging to root or another user, become superuser.

  3. Create a new crontab file, or edit an existing one. 


    $ crontab -e [username]

    username

    Name of another user's account, and requires root privileges to create or edit. 

    Caution - Caution -

    If you accidentally enter the crontab command with no option, press the interrupt character for your editor. This allows you to quit without saving changes. Exiting the file and saving changes at this point would overwrite an existing crontab file with an empty file.

  4. Add command lines to the file, following the syntax described in "Syntax of crontab File Entries".

  5. Exit the file, saving the changes.

    The crontab file will be placed in /usr/spool/cron/crontabs.

  6. Verify the crontab file by using the crontab -l command.


    # crontab -l [username]

Example--Creating or Editing a crontab File

The following example shows how to create a crontab file for another user. 


# crontab -e jones

The following command entry added to a new crontab file will automatically remove any log files from the user's home directory at 1 every Sunday morning. Because the command entry does not redirect output, redirect characters are added to the command line after *.log to make sure that the command executes properly. 


# This command helps clean up user accounts.
1 0 * * 0 rm /home/jones/*.log > /dev/null 2>&1

How to Verify a crontab File

To verify that a crontab file exists for a user, use the ls -l command in the /usr/spool/cron/crontabs directory. For example, the following display shows that crontab files exist for users smith and jones. 


$ ls -l /usr/spool/cron/crontabs
-rw-r--r--  1 root     sys          190 Feb 26 16:23 adm
-rw-------  1 root     staff        225 Mar  1  9:19 jones
-rw-r--r--  1 root     root        1063 Feb 26 16:23 lp
-rw-r--r--  1 root     sys          441 Feb 26 16:25 root
-rw-------  1 root     staff         60 Mar  1  9:15 smith
-rw-r--r--  1 root     sys          308 Feb 26 16:23 sys

Verify the contents of user's crontab file by using crontab -l as described in "How to Display a crontab File" on "How to Display a crontab File".

Displaying crontab Files

The crontab -l command displays the contents of your crontab file much the way the cat command displays the contents of other types of files. You do not have to change directories to /usr/spool/cron/crontabs (where crontab files are located) to use this command.

By default, the crontab -l command displays your own crontab file. To display crontab files belonging to other users, you must be superuser.

How to Display a crontab File

  1. (Optional) To display a crontab file belonging to root or another user, become superuser.

  2. Display the crontab file. 


    $ crontab -l [username]

    username

    Name of another user's account, and requires superuser privileges to create or edit. 

    Caution - Caution -

    If you accidentally enter the crontab command with no option, press the interrupt character for your editor. This allows you to quit without saving changes. Exiting the file and saving changes at this point would overwrite an existing crontab file with an empty file.

Example--Displaying a crontab File

The following example shows how to use crontab -l to display the contents of the default user's crontab file, the default root crontab file, and the crontab file belonging to another user. 


$ crontab -l
13 13 * * * chmod g+w /usr/documents/*.book > /dev/null 2>&1
$ su
Password:
# crontab -l
#ident "@(#)root    1.12    94/03/24 SMI"    /* SVr4.0 1.1.3.1
   */
#
# The root crontab should be used to perform accounting data
# collection.
#
# The rtc command is run to adjust the real time clock if and when
# daylight savings time changes.
#
0 2 * * 0,4 /etc/cron.d/logchecker
5 4 * * 6   /usr/lib/newsyslog
15 3 * * * /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
20 * * * * [ -x /usr/lib/inet/ntpdate ] && /usr/lib/inet/ntpdate
-m 224.0.1.1 >/dev/null 2>&1
# crontab -l jones
13 13 * * * cp /home/jones/work_files /usr/backup/. > /dev/null
2>&1

Removing crontab Files

By default, crontab file protections are set up so that you cannot inadvertently delete a crontab file by using the rm command. Instead, use the crontab -r command to remove crontab files.

By default, crontab -r removes your own crontab file. You must be superuser to remove crontab files belonging to superuser or other users.

You do not have to change directories to /usr/spool/cron/crontabs (where crontab files are located) to use this command.

How to Remove a crontab File

  1. (Optional) To remove a crontab file belonging to root or another user, become superuser.

  2. Remove the crontab file. 


    $ crontab -r [username]

    username

    Name of another user's account, and requires superuser privilegs to create or edit. 

    Caution - Caution -

    If you accidentally enter the crontab command with no option, press the interrupt character for your editor. This allows you to quit without saving changes. Exiting the file and saving changes at this point would overwrite an existing crontab file with an empty file.

  3. Verify the crontab file is removed.


    # ls /usr/spool/cron/crontabs

Example--Removing a crontab File

The following example shows how to use crontab -r to remove the default user's crontab file, as well as crontab files belonging to root and another user. ls verifies that the correct crontab files have been removed. 


$ ls /usr/spool/cron/crontabs
adm     jones     lp     root    smith    sys
$ crontab -r
$ ls /usr/spool/cron/crontabs
adm     jones     lp     root    sys
$ su
Password:
# crontab -r
# ls /usr/spool/cron/crontabs
adm     jones     lp    sys
# crontab -r jones
# ls /usr/spool/cron/crontabs
adm     lp    sys

Controlling Access to crontab

You can control access to crontab by using two files in the /etc/cron.d directory: cron.deny and cron.allow. These files permit only specified users to perform crontab tasks such as creating, editing, displaying, or removing their own crontab files.

The cron.deny and cron.allow files consist of a list of user names, one per line. These access control files work together like this:

Superuser privileges are required to edit or create cron.deny and cron.allow.

During Solaris software installation, a default cron.deny file is provided: 


$ cat /etc/cron.d/cron.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess

None of these user names can access crontab commands. You can edit this file to add other user names who will be denied access to the crontab command.

No default cron.allow file is supplied. This means that, after Solaris software installation, all users (except the ones listed in the default cron.deny file) can access crontab. If you create a cron.allow file, only these users can access crontab commands.

How to Deny crontab Access

  1. Become superuser.

  2. Using the editor of your choice, edit the /etc/cron.d/cron.deny file to add user names, one per line, who will be prevented from using crontab commands. 


    daemon
bin
smtp
nuucp
listen
nobody
noaccess
username1
username2
username3
.
.
.

  3. Exit the file, saving the changes.

  4. Verify the /etc/cron.d/cron.deny file. 


    # cat /etc/cron.d/cron.deny

How to Limit crontab Access to Specified Users

  1. Become superuser.

  2. Use the editor of your choice to create a file named /etc/cron.d/cron.allow.

  3. Enter the user names, one per line, who will be allowed to use crontab commands. 


    root
username1
username2
username3
.
.
.

    Be sure to add root to this list. If you do not, superuser access to crontab commands will be denied.

  4. Exit the file, saving the changes.

Examples--Limiting crontab Access to Specified Users

The following example shows a cron.deny file that prevents user names visitor, jones, and temp from accessing crontab. 


$ cat /etc/cron.d/cron.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess
jones
temp
visitor

The following example shows a cron.allow file. The users smith, jones, lp, and root are the only ones who may access crontab. 


$ cat /etc/cron.d/cron.allow
root
jones
lp
smith

How to Verify Limited crontab Accesss

To verify whether or not a specific user can access crontab, use the crontab -l command while logged into the user account. 


$ crontab -l

If the user can access crontab, and already has created a crontab file, it will be displayed. Otherwise, if the user can access crontab but no crontab file exists, a message like the following will be displayed: 


crontab: can't open your crontab file

This user either is listed in cron.allow (if it exists), or is not listed in cron.deny.

If the user cannot access crontab, the following message is displayed whether or not a previous crontab file exists: 


crontab: you are not authorized to use cron. Sorry.

This means either that the user is not listed in cron.allow (if it exists), or the user is listed in cron.deny.

Scheduling a Single System Event (at)

The following sections describe how to use at to schedule jobs (commands and scripts) for execution at a later time, how to display and remove these jobs, and how to control access to at.

By default, users can create, display, and remove their own at job files. To access at files belonging to root or other users, you must have superuser privileges.

When you submit an at job, it is assigned a job identification number along with the .a extension that becomes its file name.

at Command Description

Submitting an at job file includes:

  1. Invoking the at utility, specifying a command execution time.

  2. Entering a command or script to execute later.

    Note -

    If output from this command or script is important, be sure to direct it to a file for later examination.

For example, the following at job removes core files from the user account belonging to Smith near midnight on the last day of January. 


$ at 11:45pm January 31
at> rm /home/smith/*core*
at> Press Control-d
job 852755100.a at Wed Jan  8 13:25:00 1997

at Command Security

You can set up a file to control access to the at command, permitting only specified users to create, remove, or display queue information about their at jobs. The file that controls access to at, /etc/cron.d/at.deny, consists of a list of user names, one per line. The users listed in this file cannot access at commands.

The at.deny file, created during SunOS software installation, contains the following user names: 


daemon
bin
smtp
nuucp
listen
nobody
noaccess

With superuser privileges, you can edit this file to add other user names whose at access you want to restrict.

How to Create an at Job

  1. Enter the at facility, specifying the time you want your job executed, and press Return. 


    $ at [-m] time [date]

    -m

    Sends you mail after the job is completed. 

    time

    Hour that you want to schedule the job. Add am or pm if you do not specify the hours according to a 24-hour clock. midnight, noon, and now are acceptable keywords. Minutes are optional.

    date

    First three or more letters of a month, a day of the week, or the keywords today or tomorrow.

  2. At the at prompt, enter the commands or scripts you want to execute, one per line. You may enter more than one command by pressing Return at the end of each line.

  3. Exit the at utility and save the at job by pressing Control-d.

    Your at job is assigned a queue number, which is also its file name. This number is displayed when you exit the at utility.

Examples--Creating an at Job

The following example shows the at job that user jones created to remove her backup files at 7:30 at night. She used the -m option so that she would receive a mail message after her job completed. 


$ at -m 1930
at> rm /home/jones/*.backup
at> Press Control-d
job 852777000.a at Wed Jan  8 19:30:00 1997

She received a mail message which confirmed the execution of her at job. 


Your "at" job "rm /home/jones/*.backup"
completed.

The following example shows how Jones scheduled a large at job for 4:00 Saturday morning. The output of which was directed to big.file. 


$ at 4 am Saturday
at> sort -r /usr/dict/words > /export/home/jones/big.file

How to Display the at Queue

To check your jobs that are waiting in the at queue, use the atq command. This command displays status information about the at jobs that you created. 


$ atq

How to Verify an at Job

To verify that you have created an at job, use the atq command. The atq command confirms that at jobs belonging to jones have been submitted to the queue. 


$ atq
Rank     Execution Date     Owner      Job         Queue   Job Name
  1st   Jan  8, 1997 13:25   jones  852755100.a     a      stdin
  2nd   Jan  8, 1997 19:30   jones  852777000.a     a      stdin
  3rd   Jan 11, 1997 04:00   jones  858142000.a     a      stdin

How to Display at Jobs

To display information about the execution times of your at jobs, use the at -l command. 


$ at -l [job-id]
 
-l job-id

Identification number of the job whose status you want to examine. 

Example--Displaying at Jobs

The following example shows output from the at -l command, used to get status information on all jobs submitted by a user. 


$ at -l 
852755100.a     Wed Jan  8 13:25:00 1997
852777000.a     Wed Jan  8 19:30:00 1997
858142000.a     Sat Jan 11 04:00:00 1997

The following example shows output displayed when a single job is specified with the at -l command. 


$ at -l 858142000.a
858142000.a     Sat Jan 11 04:00:00 1996

How to Remove at Jobs

  1. (Optional) To remove an at job belonging to root or another user, become superuser.

  2. Remove the at job from the queue before it is executed. 


    $ at -r [job-id]
    		 
    -r job-id

    Identification number of the job you want to remove. 

  3. Verify the at job is removed by using the at -l (or the atq) command to display the jobs remaining in the at queue. The job whose identification number you specified should not appear.


    $ at -l [job-id]

Example--Removing at Jobs

In the following example, a user wants to remove an at job that was scheduled to execute at noon on March 1. First, the user displays the at queue to locate the job identification number. Next, the user removes this job from the at queue. Finally, the user verifies that this job has been removed from the queue. 


$ at -l 
852755100.a     Wed Jan  8 13:25:00 1997
852777000.a     Wed Jan  8 19:30:00 1997
858142000.a	    Sat Jan 11 04:00:00 1997
$ at -r 858142000.a
$ at -l 858142000.a
at: 858142000.a does not exist

Controlling Access to at

Users listed in the at.deny file cannot use at to schedule jobs or to check the at queue status.

The at.deny file is placed in the /etc/cron.d directory during Solaris software installation. At that time, the same users are listed in both this file and the default cron.deny file. 


daemon
bin
smtp
nuucp
listen
nobody
noaccess

Root permissions are required to edit this file.

How to Deny at Access

  1. Become superuser.

  2. Using the editor of your choice, open the /etc/cron.d/at.deny file.

  3. Add the names of users, one per line, who will be prevented from using at commands. 


    daemon
bin
smtp
nuucp
listen
nobody
noaccess
username1
username2
username3
.
.
.

  4. Exit the file, saving your changes.

Example--Denying at Access

The following example shows an at.deny file that has been edited so that the users Smith and Jones may not access at. 


$ cat at.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess
jones
smith

How to Verify at Access Is Denied

To verify whether or not a user's name was added correctly to /etc/cron.d/at.deny, use the at -l command while logged in as the user. If the user cannot access at commands, the following message is displayed. 


# su smith
Password:
$ at -l
at: you are not authorized to use at.  Sorry.

Likewise, if the user tries to submit an at job, the following message is displayed: 


$ at 2:30pm
at: you are not authorized to use at.  Sorry.

This confirms that the user is listed in the at.deny file.